[USN-6365-2] Open VM Tools vulnerability
Ubuntu Security Notice USN-6365-2
September 25, 2023
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 18.04 LTS (Available with Ubuntu Pro)
- Ubuntu 16.04 LTS (Available with Ubuntu Pro)
Open VM Tools could allow unintended access to network services.
- open-vm-tools: Open VMware Tools for virtual machines hosted on VMware
USN-6365-1 fixed a vulnerability in Open VM Tools. This update provides
the corresponding update for Ubuntu 16.04 LTS and Ubuntu 18.04 LTS.
Original advisory details:
It was discovered that Open VM Tools incorrectly handled SAML tokens. A
remote attacker could possibly use this issue to bypass SAML token
signature verification and perform VMware Tools Guest Operations.
The problem can be corrected by updating your system to the following
Ubuntu 18.04 LTS (Available with Ubuntu Pro):
Ubuntu 16.04 LTS (Available with Ubuntu Pro):
In general, a standard system update will make all the necessary changes.
An Open VM Tools security update has been released for Ubuntu Linux 16.04 LTS and 18.04 LTS.